

Wrapping a Hashed Message Authentication Code (HMAC) key with a Triple-Data Encryption Standard (DES) Key or an Advanced Encryption Standard (AES) Key






Network Working Group                                          J. Schaad
Request for Comments: 3537                       Soaring Hawk Consulting
Category: Standards Track                                     R. Housley
                                                          Vigil Security
                                                                May 2003


       Wrapping a Hashed Message Authentication Code (HMAC) key
           with a Triple-Data Encryption Standard (DES) Key
             or an Advanced Encryption Standard (AES) Key

Status of this Memo

   This document specifies an Internet standards track protocol for the
   Internet community, and requests discussion and suggestions for
   improvements.  Please refer to the current edition of the "Internet
   Official Protocol Standards" (STD 1) for the standardization state
   and status of this protocol.  Distribution of this memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document defines two methods for wrapping an HMAC (Hashed
   Message Authentication Code) key.  The first method defined uses a
   Triple DES (Data Encryption Standard) key to encrypt the HMAC key.
   The second method defined uses an AES (Advanced Encryption Standard)
   key to encrypt the HMAC key.  One place that such an algorithm is
   used is for the Authenticated Data type in CMS (Cryptographic Message
   Syntax).

1. Introduction

   Standard methods exist for encrypting a Triple-DES (3DES) content-
   encryption key (CEK) with a 3DES key-encryption key (KEK) [3DES-
   WRAP], and for encrypting an AES CEK with an AES KEK [AES-WRAP].
   Triple-DES key wrap imposes parity restrictions, and in both
   instances there are restrictions on the size of the key being wrapped
   that make the encryption of HMAC [HMAC] keying material difficult.

   This document specifies a mechanism for the encryption of an HMAC key
   of arbitrary length by a 3DES KEK or an AES KEK.







Schaad & Housley            Standards Track